CVE-2025-30048

Vulnerability Description

The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.

Related Weaknesses (CWE)

CWE-306

References

https://cert.pl/en/posts/2025/08/CVE-2025-2313/

FAQ

What is CVE-2025-30048?

CVE-2025-30048 is a documented vulnerability. The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.

How severe is CVE-2025-30048?

CVSS scoring is not yet available for CVE-2025-30048. Check NVD for updates.

Is there a patch for CVE-2025-30048?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.